package cn.aixuegao.mybatis.utils;

/**
 * @author: huangxingyao
 * @date: 2020/03/26
 * @what:
 * @why:
 * @how:
 */
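/**
 * Keyword blacklist that strips SQL-looking tokens out of a string.
 *
 * <p><b>Security note (review):</b> this is NOT a defense against SQL injection
 * and must not be relied on as one. The only correct mitigation is to never
 * build SQL from user input: use {@code PreparedStatement} / MyBatis {@code #{}}
 * parameters instead of {@code ${}} string substitution. A blacklist of this
 * kind is trivially bypassed (comments, encodings, keywords not on the list,
 * {@code 1=1} with no keyword at all) and it also corrupts legitimate input:
 * because the alternatives are bare substrings, {@code "world"} becomes
 * {@code "wld"} and {@code "format"} becomes {@code "fmat"}.
 *
 * <p>Kept for callers that already depend on it; {@link #filter(String)} now at
 * least repeats the removal until nothing changes, so input such as
 * {@code "selselectect"} or {@code "o%r"} can no longer reassemble a keyword
 * after a single pass.
 */
public class AntiSqlInjection {


    /**
     * Alternation of SQL tokens to remove. Public for compatibility with any
     * caller that references it; {@link #filter(String)} uses the precompiled,
     * case-insensitive form below.
     */
    public final static String regex = "'|%|--|and|or|not|use|insert|delete|update|select|count|group|union" +
            "|create|drop|truncate|alter|grant|execute|exec|xp_cmdshell|call|declare|source|sql";

    // Compiled once: "(?i)" makes the match case-insensitive. Pattern is
    // immutable and thread-safe, so sharing it is fine. Fully qualified to avoid
    // adding an import to a file that currently has none.
    private static final java.util.regex.Pattern KEYWORDS =
            java.util.regex.Pattern.compile("(?i)" + regex);

    /**
     * Removes every occurrence of the blacklisted tokens from {@code param}
     * (case-insensitively), repeating until a pass removes nothing.
     *
     * <p>Repeating matters: {@code String.replaceAll} is a single left-to-right
     * pass, so with the original one-shot implementation {@code "sel%ect"}
     * became {@code "select"} and was returned as-is. Every pass that changes
     * the string strictly shortens it (all alternatives are non-empty), so the
     * loop terminates after at most {@code param.length()} iterations.
     *
     * @param param the input to scrub; may be {@code null}
     * @return {@code null} if {@code param} is {@code null}, otherwise the input
     *         with all blacklisted tokens removed (possibly the empty string)
     */
    public static String filter(String param){
        if(param == null){
            return param;
        }
        String current = param;
        while (true) {
            String next = KEYWORDS.matcher(current).replaceAll("");
            if (next.equals(current)) {
                return next;
            }
            current = next;
        }
    }


}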
